This website uses cookies. View our cookie policy
Close
USA
Select regional store:

BCM (business continuity management)

What is BCM?

BCM is a form of risk management that deals with the threat of business activities or processes being interrupted by external and/or internal factors. It involves making arrangements to ensure you can respond as effectively as possible in the event of a disruption so mission-critical functions will continue to provide an acceptable level of service.

Effective business continuity can be best attained through the implementation of a BCMS (business continuity management system) aligned to its international standard, ISO 22301.

Click here to download our free green paper that provides an introduction to BCM and ISO 22301 >>


What is the purpose of BCM?

BCM involves planning for any potential disaster by identifying potential threats to an organization and analyzing their impact on its day-to-day operations.

Effective BCM ensures the business is able to provide a minimum acceptable service in the event of a disaster, and helps preserve corporate reputation, image, and revenue.

A growing body of legislation requires businesses in essential areas to implement effective business continuity arrangements. Globally, corporate governance regulations require directors to “exercise reasonable care, skill, and diligence” to mitigate risks facing the organization.

The current cyber threat landscape has made business leaders more aware of the risks of cyber attacks and the importance of being able to respond to and recover from such attacks.

Effective BCM, based on international best-practice standards such as ISO 22301, can protect organizations from widespread business disruption in the event of a successful cyber attack.

Read about the benefits of effective BCM >>


The BCM lifecycle

Effective BCM is centered around the stages of the BCM lifecycle, and involves identifying threats, performing a BIA (business impact analysis), designing and implementing a business continuity plan, compiling documentation, measuring and testing performance, and conducting maintenance and continual improvement work.


Business continuity planning

BCP (business continuity planning) involves the processes and procedures for the development, testing, and maintenance of business continuity plans that will enable an organization to continue operating during and after a disaster. BCP is an essential element of a BCMS.

Plans typically detail how to manage incidents that affect an organization’s business-critical processes and activities, from failure of a single server all the way through to complete loss of a major facility. BCP is a response to an enterprise-level risk assessment. Best practice for BCP is set out in ISO/IEC 22301.


Disaster recovery planning

DRP (Disaster recovery planning) usually takes place within the BCP framework. Disaster recovery plans are often relatively technical and focus on the recovery of specific operations, functions, sites, services, or applications. A single business continuity plan might contain or refer to a number of disaster recovery plans. Best practice for disaster recovery is set out in ISO/IEC 22301.

Find out how you can get started with developing your business continuity and disaster recovery plans. Speak to a BCM expert today. 

Speak to an expert

ISO 27031 – ICT continuity best practice

ISO 27031 provides recommendations specifically for ICT (information and communications technology) continuity management within the overall business continuity framework provided by ISO 22301. ISO 27031 makes ISO 22301 relevant to ICT but can also be used on a standalone basis should an organization wish to tackle ICT continuity management specifically. Purchase the ISO 27031 standard here >>


Let’s get started on your business continuity management project

IT Governance has a wide range of affordable solutions that are easy to use and ready to deploy.

BCM/ISO 22301 resources


Speak to a BCM expert

Whatever the nature or size of your problem, we are here to help. Get in touch using one of the contact methods below.